
Privacy Policy

 GDPR – AFRA Data Privacy Policy - V1.0 December 2018

What personal data does AFRA (Ashdown Forest Riding Association) collect?

The data we collect includes names, addresses, age, gender and contact information. Parental consent forms are also submitted to ride organisers / secretaries.

The data is collected directly from Members and others entering AFRA events.

We may also record data about people making enquiries to AFRA who are not members for the purposes of providing information about membership and events.

We may hold photographs of individuals including generic photographs where individuals may be difficult to identify.

What is this personal data used for?

We use members’ data for the administration of your membership; the communication of information, including sending the AFRA Update newsletter; and the organisation of events. Specifically, a member’s email address is used to send out information relating to the Annual General Meeting. The postal address is used for this information when an email address is not available.

Parental consent forms are also submitted to event organisers / secretaries.

We provide a limited amount of data for use by organisers and volunteers for the proper and accurate administration of our pleasure rides or other events. 

Who is your data shared with?

Member data is provided to the AFRA Committee and to those organising AFRA events.

Member data may be passed to our card processing providers for financial transactions related to event entries, membership and other online purchases.

Membership lists may be sent to an external mailing house for the purpose of printing and distributing letters or other communications to members. The mailing house deletes this information once the distribution has been made.

Using MyClubHouse, you can elect to share your contact details with other AFRA members.  The default setting is that this information is NOT shared.

Where does this data come from?

Member data is sourced directly from the member through online or paper application forms and can be viewed and amended online by the member or by request to the AFRA secretary.

How is your data stored?

Most of our data, including our main database, is stored in a secure database hosted by MyClubHouse in compliance with the GDPR.

Information for event organisers is usually provided via spreadsheets which are held locally and destroyed when they are no longer required.

Most member emails will be sent using the facilities of MyClubHouse which is GDPR compliant.  Individual emails to and from members of the AFRA Committee may be sent using their own personal accounts.

The remainder of our data is kept in the form of written documents stored by our secretary.

Who is responsible for ensuring compliance with the relevant laws and regulations?

Under the GDPR (General Data Protection Regulation) we do not have a statutory requirement to have a Data Protection Officer. The person who is responsible for ensuring AFRA discharges its obligations under the GDPR is the Secretary. The Secretary will maintain a log of data breaches and notify the ICO and any members affected as necessary, in accordance with our legal obligations.

Who has access to your data?

Members of the AFRA Committee have access to members’ data in order for them to carry out their legitimate tasks for the organisation, such as responding to enquiries from those members.

Those organising AFRA events are sent the limited information necessary for them to accurately and safely administer their event.

Sub-contractors of AFRA may be given access to data for specific tasks, such as mailing AFRA letters or written communications on our behalf. They are not allowed to use it for any other purpose.

Other AFRA members may have access to your personal data only if you have chosen to share it with them.

What is the lawful basis for collecting this data?

AFRA collects personal data that is necessary for the purposes of its legitimate interests as a membership organisation.

For some data, such as that relating to financial matters, the basis for its collection and retention is to comply with our legal obligations.

How can you check what data we have about you?

If you want to see the basic membership data we hold about you, you can log in to www.MyClubHouse.co.uk/AFRA. There you can also update most of your details or change the permissions you wish to grant for the use of your data.

You can contact us with a “Subject Access Request” if you want to ask us to provide you with any other information we hold about you. If you are interested in particular aspects, specifying them will help us to provide you with what you need quickly and efficiently. We are required to provide this to you within 30 days.

There is not usually a fee for this, though we can charge a reasonable fee based on the administrative cost of providing the information if a request is manifestly unfounded or excessive, or for requests for further copies of the same information.

Does AFRA collect any “special” data?

The GDPR refers to sensitive personal data as “special categories of personal data”.

Medical information may be held when provided by a rider, in confidence, and used in the event of an accident. Parental consent forms are also submitted to event organisers.

How can you ask for data to be removed, limited or corrected?

There are various ways in which you can limit how your data is used:

  • You could maintain your AFRA membership with your correct name but with limited contact details. However, we do need to have at least one method of contacting you. You could for example simply maintain an up-to-date email address, but of course this would limit what we are able to provide you with in the way of written information, so you would not be able to get AFRA communications in printed form or any other member benefits that require a mailing address.
  • You do not need to provide us with your date of birth unless you wish to enter age-limited classes or gain concessions based on age.
  • Any of these options can be implemented by logging on to the AFRA website www.MyClubHouse.co.uk/AFRA and editing your details there, either to correct erroneous data or to delete information you do not wish us to have. If you need any assistance with this, you may contact the secretary.
  • You may ask that any photograph of you that appears on the website be deleted by contacting the secretary or the website administrator.

How long do we keep your data for, and why?

We normally keep members’ data after their membership lapses. This is because we find members sometimes later wish to re-join, sometimes with a break of a year or more. However, we will delete any former member’s contact details entirely and will comply with a right to be forgotten on request.

Other data, such as that relating to accounting matters, is kept for at least the legally required or recommended period – 7 years for financial transactions.

Cookies

Our website uses cookies. A cookie is a file containing an identifier (a string of letters and numbers) that is sent by a web server to a web browser and is stored by the browser. The identifier is then sent back to the server each time the browser requests a page from the server. Cookies may be either "persistent" cookies or "session" cookies:

  • A persistent cookie will be stored by a web browser and will remain valid until its set expiry date, unless deleted by the user before the expiry date.
  • A session cookie will expire at the end of the user session, when the web browser is closed.

We, Ashdown Forest Riding Association, make use of the myClubhouse software supplied by Simmetrics Ltd to process personal data we include on our myClubhouse website in accordance with our privacy policy set out above. Simmetrics Ltd processes your personal data on our behalf and they can only do so in accordance with our written instructions. You can find the details of our data processor’s privacy policy here: http://www.myclubhouse.co.uk/Home/PrivacyPolicy.